diff --git a/api/auth_token.go b/api/auth_token.go
index 32c77bc620..86595175bc 100644
--- a/api/auth_token.go
+++ b/api/auth_token.go
@@ -1,6 +1,8 @@
 package api
-import "context"
+import (
+ "context"
+)
 // TokenAuth is used to perform token backend operations on Vault
 type TokenAuth struct {
diff --git a/changelog/13233.txt b/changelog/13233.txt
new file mode 100644
index 0000000000..718f5207fd
--- /dev/null
+++ b/changelog/13233.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core/token: Fix null token panic from 'v1/auth/token/' endpoints and return proper error response.
+```
\ No newline at end of file
diff --git a/vault/request_handling.go b/vault/request_handling.go
index f65908b5e8..83f654e0d3 100644
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@@ -553,7 +553,7 @@ func (c *Core) handleCancelableRequest(ctx context.Context, req *logical.Request
 break
 }
 if token == nil {
- return logical.ErrorResponse("bad token"), logical.ErrPermissionDenied
+ return logical.ErrorResponse("invalid token"), logical.ErrPermissionDenied
 }
 _, nsID := namespace.SplitIDFromString(token.(string))
 if nsID != "" {
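Review bot: The `token.(string)` assertion on the line right after the nil guard in vault/request_handling.go is unchecked, so a non-nil value that is not a string would still panic in handleCancelableRequest instead of returning the error response the changelog entry describes. Where `token` is populated lies outside the hunk, but if it comes from decoded request data (presumably JSON, where a number or object is possible), the guard should use the comma-ok form: `tokenStr, ok := token.(string)` followed by `if !ok { return logical.ErrorResponse("invalid token"), logical.ErrPermissionDenied }`, and then pass `tokenStr` to `namespace.SplitIDFromString`. The function body starts and ends outside the hunk, and no test covering the nil or wrong-type case is visible in this diff.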